IDG Connect: 2017 State of Digital Defense Research – Spotlight on UK Industry

Businesses today are in the throes of digital transformation, accelerating their online presence to enrich products, deepen customer relationships, and boost their brand. But these organizations are struggling to protect this new digital attack surface from cyber adversaries leveraging the same digital channels that they are.

With more than 75% of enterprise security breaches due to external threat actors, how are organisations preparing their digital defences to meet the challenge of web, mobile and social threats? To glean insights into the current landscape of digital threats and the maturity of defenses to protect an organization’s digital presence, RiskIQ published its 2017 State of Enterprise Digital Defense Report conducted by IDG Connect. This is the spotlight edition that shows the the differences between what is happening in the US and in the UK.

Overall, the survey revealed a bleak outlook of the digital defense posture across industries, with many enterprise security practitioners overwhelmed by the scale and tenacity of external digital threats and lacking confidence in their processes, systems, and tools. However, the results were not without shimmers of positivity.

UK research highlights include:

68% cited modest to no confidence to manage digital threats

Malware and phishing attack are prevalent, but brand abuse was cited as most frequently reported incident

Malware and malicious mobile apps were the most impactful of attacks

76% cited no to moderate confidence in reducing their digital attack surface – worse than US

71% cited modest to no confidence to mitigate or prevent external digital threats

47% of UK organizations plan to increase digital defense investment by 15-25%, and 13% will increase tool and service expenditure by more than 25%

To get some comparative digital defense details and insights between US and UK perceptions—download the full report here.

Our findings in this report were often negative. There’s very limited high confidence that organisations can effectively identify, defend against and manage the growing stream of digital attacks they face. Most felt that they had inadequate defences and could not reduce their digital attack surface.

Furthermore, the amount of tools used to address the broad spectrum of threats did not proportionally demonstrate that more tools are better. The findings suggest that threat intelligent tool capabilities, tool consolidation, and more effective implementation of those tools by enterprises should be on the immediate horizon.

A few reasons for optimism did arrive. Our audience is generally aware of digital threats. Clearly, they felt that using cyber intelligence tools would help them better manage digital threats, and the majority of respondents are using, growing their adoption of, or plan to use digital threat intelligence and management tools.

When we analysed the splits between the US and the UK, we consistently found that the US was more advanced in their application and investment in digital threat management tasks and tools than their UK counterparts. Each region had slightly different impact, focus and capacity. At the same time, all organisations plan for increased investment.

These, at least, are positive signs. If we are to progress digital transformation, information security must align itself with their business constituents. This includes mitigating unauthorised access, brand abuse, sensitive data loss, privacy compliance and reputation risks that come with the exploitation of web, social and mobile channels. As information security professionals continue to safeguard business, brand and consumer interaction beyond the firewall, so too will threat intelligence and digital threat management platforms evolve to support this transformation.